WordPress Resets 100,000 User Passwords After Gmail Leak

Last week, news emerged that upto 5 millions of Google users login details were leaked online and was published on a Russian Bitcoin Forum. Although Google says that non of there database was compromised and there were nothing like of security breach.

Even that also, about 60 percent of the login details was valid which effects users Gmail account, G+ and other google products. Apart from this leaks, another leaks were published online which contains the login details of popular Russian website, Yandex and Mail.ru .

As Google leaks details was no way concerns with the WordPress products or service but company found that a bunch of emails that were used in WordPress Blog were also found in the list of leaked database. Company found that user, uses email address for registration on WordPress.com have the same password of their Gmail account and with WordPress.com .

So for this security purpose, Automattic had reset 100,000 accounts. Automattic says-
“We also sent email notification of the password reset containing instructions for regaining access to the account,”

Users who are affected were asked to hit the Login button on the homepage and request a new password.

Automattic revealed that it found 600,000 other matching email addresses on the leaked Gmail list, though these didn't use the same passwords as their WordPress accounts, so weren't reset.

Using the same password across multiple online account is really a bad practice. I have discussed some of the tips for online security, you can check and follow it. Apart from it, we recommend to enable extra security features to your accounts. As there are many sites who provides some extra security for users accounts like - Two-factor Authentication.